Title: “Penetration testing, demonstrations of information gathering, scanning and exploitation techniques using open
source software”By Raviraj Doshi Senior Consultant MIEL E security Pvt Ltd.
I would like to give a talk on penetration testing methodologies. This will include demonstrations of information
gathering, scanning and exploitation techniques using open source software.
Bio:
Over 5 years of experience in the field of information security,networking, penetration testing, application
security and security product development. Also responsible for the research, design and development of patent pending
rootkit detection technologies based on behavioral analysis of malware for MIEL e-Security Pvt. Ltd.
Have worked extensively on the following areas:
. Kernel driver programming
. Windows kernel subversion and stealth malware
. Secure programming and code reviews
. Application security audits
. Network penetration testing
. 802.11 wireless security audits
Title:'Practical Web Application Security Threats', by Sahir Hidayatullah
Senior Security Researcher, MIEL E security Pvt Ltd.
which will illustrate the different vulnerabilities present in modern web applications, as well as the tools and
techniques used to exploit them. Participants will come away with an understanding of how web application security
can be made to fail and what attackers can gain in the process.
Bio:
Sahir has 7 years of experience in computer security consulting. Hehas performed red-team security audits for numerous
Fortune 50 and Fortune 500 companies and has extensive experience in areas such as application security, reverse
engineering, ring-0 rootkits, social engineering and digital forensics. He has also developed patent-pending detection
technologies in the field of stealth malware and has created and delivered technical training programs that are used
globally.
Title: “WiFi Network Security” by Md Sohail Ahmad Manager, R&D, AirTight Networks.
Abstract:
WiFi has become a mainstream technology offering great benefits and efficiencies but carrying with it unique security
challenges. Unsecured WiFi provides an easy target for hit-and-run style attacks allowing hackers to cause severe
damage while remaining invisible and ndetected. In fact, recent incidents show a growing trend that unsecured WiFi is
becoming a safe haven for cybercriminals. The crimes range from sending terror emails, downloading illegal content, to
theft of credit card numbers and other private information. For enterprises, this could lead to leakage of sensitive
data, fines and other penalties, and brand erosion. In a one day workshop you will be taught about the weakness of
WiFi networks, and challenges of securing a real WiFi networks. A lot of new tools that should be used to test WiFi
network's vulnerability will be demonstrated in the lab session.
Speaker's Bio
MD Sohail Ahmad is a senior wireless security researcher at AirTight Networks. Mr Ahmad possesses strong background in
secure driver development, protocol development, and open source tool development. His area of interest includes WiFi
security, assessment and vulnerability analysis. He is a seasoned speaker and has presented his research work in various
security conferences e.g. Defcon, Toorcon, Comsware etc. He is known for the discovery of "Caffe Latte" attack which was
resented in ToorCon9, which was about retrieving WEP key from an isolated client in the absence of its authorized access
oint. Recently, he has released a tool called "WiFish Finder" which is about assessing security of a WiFi enabled client
evice. He holds M.Tech in Computer Science from IIT Roorkee. Prabhash Dhyani is a wireless security researcher working
with Airtight Networks. His interest includes wireless and network security research and tool building. His recent work
"New Avatars of Honeypot Attacks on WiFi Networks" was presented in Hack.In 2009 conference held at IIT Kanpur, India.
He holds BTech in Information Technology (IT) from IIIT Allahabad.
Title:”Introduction to Web Hacking, detection & prevention of top ten most common web vulnerabilities as specified by
OWASP (Open Web Application Security Project)” by Andrew Horton, Founder of Morningstar Security, NZ
Introduction to web hacking. Information on how to detect, prevent and exploit the top ten most common web vulnerabilities
as specified by OWASP (Open Web Application Security Project). Practical attack scenarios and demonstrations will be
given for each of the classes of vulnerability. The 2010 OWASP Top 10 vulnerability classes are injection, cross site
scripting (XSS), broken authentication and session management, insecure direct object references, cross site
request forgery (CSRF), security misconfiguration, failure to restrict url access, unvalidated redirects and
orwards,insecure cryptographic storage, insufficient transport layer protection. Examples will be given in PHP
because it is the most common web language.
BRIEF BIOGRAPHY:
Andrew Horton, founder of Morningstar Security, has been involved with IT security for over 10 years. MorningStar
Security is a New Zealand based business providing IT security consulting worldwide, with a specialised focus on
website penetration testing andsecurity assessment. The website is fast becoming a popular site for daily IT security
news. Andrew has a strong interest in emerging areas of IT security research,and has published vulnerability research,
exploit code and security tools for public use. He has published advanced security tools on topics such as geographic
network scanning, web fingerprinting, web typo errors and more. Several such tools are available at
www.morningstarsecurity.com/research. Whatweb, Andrew's opensource, next generation web fingerprinting scanner,recently
eceived international acclaim. It was released at the 2009 Kiwicon IT security conference held in New Zealand during his
alk on next generation web scanning. Whatweb has since been written about by
security specialists in English, French and Spanish.